CESG publish new platform security guidance to help protect official information

Page Content

Press Release 14 Oct 2013​

CESG, the Information Security Arm of GCHQ, has today released new security guidance for over ten different end user devices.

The new online guidance is designed to help UK public sector security architects, system administrators and end-users as they deploy and use the latest laptops, desktops, tablets and smartphones.

Building on the Cabinet Office's End User Device Security Framework, this new guidance provides advice to those deploying devices by providing details on how particular platforms can be configured to achieve the key security recommendations contained in the Framework.

The guidance also contains good practice advice on system architectures for remote and mobile working; details of particular configuration choices for each platform; and notes particular security risks and issues that organisations need to be aware of.

Jonathan Hoyle, Director General for Government and Industry Cyber Security at GCHQ said:

“Finding the right balance between security and usability is critical for all organisations and we have put this principle at the heart of our work. This guidance is the result of close collaboration between CESG’s cyber security experts, our partners in industry and the public sector. It provides an excellent set of recommendations for anyone trying to enable secure business using the latest technologies in a cost-effective way.”

CESG’s newly-published guidance provides straightforward configuration advice for a range of devices and seeks to take a balanced approach between security and usability for remote or mobile working devices; helping to reduce common risks to an organisation's information whilst still providing the flexibility and ease of use required.

Liam Maxwell, the UK Government’s Chief Technology Officer said of the guidance:

"This is precisely the sort of approach to security we need - simple, pragmatic, understandable."

Notes for the Editors

About the guidance

The aim of the guidance is to harness security technologies in a way that does not significantly reduce their functionality.

The security guidance is available for:

Android

Samsung Devices with Android

BlackBerry 10

Apple iOS

Windows 7, 8 and RT

Ubuntu

Apple OS X

Windows Phone

Chrome OS

The publication of this guidance is not an "approval" of these platforms by CESG; instead it is guidance to help Government and Public Sector organisations manage their risks when deploying these devices. Guidance for additional devices will be issued in future updates.

About GCHQ

GCHQ is one of the three UK intelligence agencies. Further information can be found at: http://www.gchq.gov.ukCESG is the UK Government’s National Technical Authority for Information Assurance (IA) and protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia.

About Cabinet Office

The Cabinet Office is responsible for the UK Cyber Security Strategy published in November 2011 and runs the National Cyber Security Programme (NCSP). The NCSP is investing £860 million of funding to 2016 on work programmes and initiatives to bolster the UK’s cyber security capabilities.